That is interesting. I'd love the whole report with their details. If too large to attach (assuming you'd want to) then PM me and we'll figure something out.
Now, my experience with these "scanner" security guys is they just look for anything. MANY things as reported aren't bad, but instead desired or at least harmless. Typically you have to spend a lot of time to understand them so you can decide the real implications. Then with that knowledge in hand, how (or if) to deal with them.
Often their descriptions don't match the original vulnerability description or the software manufactures description so you have to do a lot of analysis of their typically vague descriptions to match them up with what specific issue they are pointing out. Can be very time consuming to advise someone on how to proceed.
I know, having talked in person with the head of systems security at Mitel, that they take it seriously. Not that they are perfect.
Also, what type of Mitel system are you running, and what software version?
-Chak
